package com.haizhi.crm.sys.shiro;

import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.context.annotation.Bean;

import javax.servlet.Filter;
import java.util.LinkedHashMap;

/**
 * Created by gikieng on 18/1/18.
 */
//@SpringBootConfiguration
public class AuthConfig {

    @Bean
    public ChainDefinitionProvider chainDefinitionProvider() {
        return new ChainDefinitionProvider();
    }

    @Bean
    public EhCacheManager ehCacheManager() {
        EhCacheManager cacheManager = new EhCacheManager();
        cacheManager.setCacheManagerConfigFile("classpath:config/ehcache-shiro.xml" );
        return cacheManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        LinkedHashMap<String, Filter> filters = new LinkedHashMap<>();

        filters.put("cookie", cookieFilter());
        filters.put("roles", new UserRolesAuthorizationFilter());

        shiroFilterFactoryBean.setFilters(filters);

        shiroFilterFactoryBean.setLoginUrl("/auth/unauth" );
        shiroFilterFactoryBean.setSuccessUrl("/index" );
        shiroFilterFactoryBean.setUnauthorizedUrl("/auth/unauth" );

        shiroFilterFactoryBean.setFilterChainDefinitionMap(chainDefinitionProvider().getAllRolesPermissions());
        return shiroFilterFactoryBean;
    }

    @Bean
    public FormAuthenticationFilter cookieFilter() {
        FormAuthenticationFilter filter = new FormAuthenticationFilter();
        filter.setRememberMeParam("haizhi-crm" );
        return filter;
    }

    @Bean
    public UserRealm myShiroRealm() {
        return new UserRealm(new UserCredentialsMatcher());
    }

    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        securityManager.setCacheManager(ehCacheManager());

        securityManager.setRememberMeManager(cookieRememberMeManager());
        return securityManager;
    }

    @Bean
    public SimpleCookie simpleCookie() {
        SimpleCookie cookie = new SimpleCookie();
        cookie.setHttpOnly(true);
        cookie.setMaxAge(43200);//半天后过期
        cookie.setName("haizhi-crm" );
        cookie.setPath("/" );
        return cookie;
    }

    @Bean
    public CookieRememberMeManager cookieRememberMeManager() {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(simpleCookie());
        //cookieRememberMeManager.setCipherKey(Base64.decode("2AvVhdsgUs0FSA3SDFAdag=="));
        return cookieRememberMeManager;
    }

    /**
     * @Description: 开启Shiro的注解(如 @ RequiresRoles, @ RequiresPermissions), 需借助SpringAOP扫描使用Shiro注解的类, 并在必要时进行安全逻辑验证
     * @Author: caochao
     * @Date: 2018/5/23
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
        return authorizationAttributeSourceAdvisor;
    }

}